(54) Method and system for digital information protection

(57) A digital information protection scheme using an improved
security protocol. In a system in which a user makes an access to
a digital information provided by an information center (1) by
connecting a computer card (3) owned by the user to an information
terminal device (2) connected with the information center (1), a
work key for encrypting a desired digital information is delivered
from the information center (1) to the computer card (3) through
the information terminal device (2), and the work key is
registered in the computer card (3); the desired digital
information encrypted by the work key is delivered from the
information center (1) to the information terminal device (2); and
an encrypted digital information delivered from the information
center (1) is decrypted at the information terminal device (2) by
using the work key registered in the computer card (3), and a
decrypted digital information is provided to the user at the
information terminal device (2).
Description

BACKGROUND OF THE INVENTION

Field of the Invention

The present invention relates to a digital information protection
scheme for preventing illegal duplications of digital information
such as digital audio information, digital visual information,
digital computer program information, etc.

Description of the Background Art 

In recent years, due to the advance of the high speed digital
communication techniques such as ISDN and digital information
compression technique for speeches, dynamic images, still
pictures, etc. (including MPEG (Moving Picture Experts Group) and
JPEG (Joint Photographic coding Experts Group)), it has become
possible to deliver the writings such as music, video, pictures,
books, etc. to each user terminal from an information center
through a communication channel, by converting them into digital
information, and compressing and encoding the digital information.

In this regard, there are known examples of a delivery service
utilizing a personal computer communication, etc. for a computer
software which requires smaller amount of data compared with the
digital information such as video. However, this conventional
software delivery service utilizing a personal computer
communication, etc. does not encrypt the software to be delivered,
so that there has been a problem that it provides an environment
in which an illegal copying of the software is easier compared
with a usual software sale system using a package such as a floppy
disk.

On the other hand, there is a computer software sale system using
a CD-ROM that has recently been practiced in the U.S.A., in which
a CD-ROM containing an encrypted main software and a non-encrypted
software for demonstration is sold and distributed at low price,
and when a user is satisfied with the trial on the software for
demonstration, the user orders a purchase of the main software to
a service center via the telephone, etc., in response to which the
decryption key is notified to the user such that the user can use
the encrypted main software on the purchased CD-ROM by decrypting
it using the notified decryption key.

However, this computer software sale system using a CD-ROM also
has problems in that it requires a human action in acquiring the
decryption key from the service center via the telephone, etc.,
and that a privacy of the user cannot be protected. Moreover,
because of the involvement of the human action, there is a
possibility for the illegal copying induced by the unlawful
conduct such as the illegal disposition of the decryption key.



SUMMARY OF THE INVENTION 

It is therefore an object of the present invention to provide a
digital information protection scheme in which the leakage of the
digital information to the third party can be protected and the
illegal copying of the digital information is difficult even for a
legitimate user.

According to one aspect of the present invention there is provided
a method for digital information protection in a system in which a
user makes an access to a digital information provided by an
information center, by connecting a computer card owned by the
user to an information terminal device connected with the
information center, the method comprising the steps of: (a)
carrying out a mutual authentication between the computer card and
the information terminal device; (b) carrying out a user
authentication by the computer card through the information
terminal device; (c) sending an information request specifying the
desired digital information of the user from the information
terminal device to the information center by signing and
encrypting an information identifier for identifying the desired
digital information; (d) sending the work key for encrypting the
desired digital information from the information center to the
computer card by a cipher communication using a public key
cryptosystem; (e) obtaining and registering the work key sent from
the information center at the computer card, and sending a work
key receipt signature from the computer card to the information
center; (f) receiving a work key request message containing a
random number from the information terminal device at the computer
card, encrypting the work key according to the random number, and
sending an encrypted work key from the computer card to the
information terminal device; (g) encrypting the desired digital
information specified by the information request by using the work
key at the information center, and sending the encrypted digital
information from the information center to the information
terminal device; (h) receiving and decrypting the encrypted work
key sent from the computer card so as to obtain the work key at
the information terminal device, receiving and decrypting the
encrypted digital information sent from the information center by
using the work key, and providing the decrypted digital
information to the user at the information terminal device; and
(i) sending an encrypted information receipt signature from the
information terminal device to the information center, and
recording the information request, the work key receipt signature,
and the encrypted information receipt signature as a ground for
charging at the information center.

According to another aspect of the present invention there is
provided a method for digital information protection in a system
in which a user makes an access to a digital information provided
by an information center, by connecting a computer card owned by
the user to an information terminal device connected with the
information center, the method comprising the steps of: (a)
carrying out a mutual authentication between the computer card and
the information terminal device; (b) carrying out a user
authentication by the computer card through the information
terminal device; (c) sending an information request specifying the
desired digital information of the user from the information
terminal device to the information center by signing and
encrypting an information identifier for identifying the desired
digital information; (d) encrypting the desired digital
information specified by the information request by using the work
key at the information center, and sending the encrypted digital
information from the information center to the information
terminal device and the computer card; (e) receiving and storing
the encrypted digital information sent from the information center
at the information terminal device, and sending an information
receipt signature from the computer card to the information center
via the information terminal device; (f) delivering the work key
for encrypting the desired digital information from the
information center to the computer card, and obtaining and
registering the work key sent from the information center at the
computer card, while returning a delivery certificate from the
computer card to the information center; (g) receiving a work key
request message containing a random number from the information
terminal device at the computer card, encrypting the work key
according to the random number, and sending an encrypted work key
from the computer card to the information terminal device; (h)
receiving and decrypting the encrypted work key sent from the
computer card so as to obtain the work key at the information
terminal device, decrypting the encrypted digital information
stored in the information terminal device by using the work key,
and providing the decrypted digital information to the user at the
information terminal device; and (i) sending an encrypted
information receipt signature from the information terminal device
to the information center, and recording the information request,
the encrypted information receipt signature, and the delivery
certificate as a ground for charging at the information center.

According to another aspect of the present invention there is
provided a method for digital information protection in a system
in which a user makes an access to a digital information provided
by an information center, by connecting a computer card owned by
the user to an information terminal device connected with the
information center, the method comprising the steps of: delivering
a work key for encrypting a desired digital information from the
information center to the computer card through the information
terminal device, and registering the work key in the computer
card; delivering the desired digital information encrypted by the
work key from the information center to the information terminal
device; and decrypting an encrypted digital information delivered
from the information center at the information terminal device by
using the work key registered in the computer card, and providing
a decrypted digital information to the user at the information
terminal device.

According to another aspect of the present invention there is
provided a digital information protection system, comprising: an
information center for providing a digital information; an
information terminal device connected with the information center;
and a computer card owned by a user, such that the user makes an
access to the digital information provided by the information
center by connecting the computer card to the information terminal
device; wherein the information center, the information terminal
device, and the computer card are adapted to: deliver a work key
for encrypting a desired digital information from the information
center to the computer card through the information terminal
device, and register the work key in the computer card; deliver
the desired digital information encrypted by the work key from the
information center to the information terminal device; and decrypt
an encrypted digital information delivered from the information
center at the information terminal device by using the work key
registered in the computer card, and provide a decrypted digital
information to the user at the information terminal device.

According to another aspect of the present invention there is
provided an information center for a digital information
protection system in which a user makes an access to a digital
information provided by the information center by connecting a
computer card owned by the user to an information terminal device
connected with the information center, wherein the information
center, the information terminal device, and the computer card are
adapted to: deliver a work key for encrypting a desired digital
information from the information center to the computer card
through the information terminal device, and register the work key
in the computer card; deliver the desired digital information
encrypted by the work key from the information center to the
information terminal device; and decrypt an encrypted digital
information delivered from the information center at the
information terminal device by using the work key registered in
the computer card, and provide a decrypted digital information to
the user at the information terminal device; the information
center comprising: information storage means for storing the
digital information; communication control means for making a
communication with the information terminal device; key generation
means for generating the work key; encryption means for encrypting
the digital information by using the work key; public key
cryptosystem means for encrypting the work key in order to make a
cipher communication of the work key; and signature conversion
means for providing a signature of the information center.

According to another aspect of the present invention there is
provided an information terminal device for a digital information
protection system in which a user makes an access to a digital
information provided by an information center by connecting a
computer card owned by the user to the information terminal device
connected with the information center, wherein the information
center, the information terminal device, and the computer card are
adapted to: deliver a work key for encrypting a desired digital
information from the information center to the computer card
through the information terminal device, and register the work key
in the computer card; deliver the desired digital information
encrypted by the work key from the information center to the
information terminal device; and decrypt an encrypted digital
information delivered from the information center at the
information terminal device by using the work key registered in
the computer card, and provide a decrypted digital information to
the user at the information terminal device; the information
terminal device comprising: first communication control means for
making a communication with the information center; second
communication control means for making a communication with the
computer card; information storage means for storing the digital
information; public cryptosystem means for encrypting the work key
in order to make a cipher communication of the work key; signature
conversion means for providing a signature of the information
terminal device; random number generation means for generating a
random number; matching means for matching the random number
generated by the random number generation means with a random
number received from the computer card; secret key storage means
for storing a secret key of the information terminal device;
decryption means for decrypting an encrypted work key and an
encrypted digital information; and secrecy protection means for
physically protecting a secrecy of the random number generation
means, the matching means, the secret key storage means, and the
decryption means.

According to another aspect of the present invention there is
provided a computer card for a digital information protection
system in which a user makes an access to a digital information
provided by an information center by connecting the computer card
owned by the user to an information terminal device connected with
the information center, wherein the information center, the
information terminal device, and the computer card are adapted to:
deliver a work key for encrypting a desired digital information
from the information center to the computer card through the
information terminal device, and register the work key in the
computer card; deliver the desired digital information encrypted
by the work key from the information center to the information
terminal device; and decrypt an encrypted digital information
delivered from the information center at the information terminal
device by using the work key registered in the computer card, and
provide a decrypted digital information to the user at the
information terminal device; the computer card comprising:
communication control means for making a communication with the
information terminal device; public cryptosystem means for
encrypting the work key in order to make a cipher communication of
the work key; signature conversion means for providing a signature
of the computer card; and work key storage means for storing the
work key.

Other features and advantages of the present invention will become
apparent from the following description taken in conjunction with
the accompanying drawings.



BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a schematic block diagram of an overall configuration
for the first and second embodiments of a digital information
protection system according to the present invention.

Fig. 2 is a block diagram of an internal configuration of an
information center in the digital information protection of Fig. 1.

Fig. 3 is a block diagram of an internal configuration of an
information terminal device in the digital information protection
of Fig. 1.

Fig. 4 is a block diagram of an internal configuration of a
computer card in the digital information protection of Fig. 1.

Fig. 5 is a diagrammatic illustration showing a procedure for a
mutual authentication between the information terminal device and
the computer card in the digital information protection of Fig. 1.

Fig. 6 is a diagrammatic illustration showing a procedure for a
user authentication in the digital information protection of
Fig. 1.

Fig. 7 is a diagrammatic illustration showing a procedure for a
user's selection in the digital information protection of Fig. 1.

Fig. 8 is a diagrammatic illustration showing a procedure for an
information request in the digital information protection of
Fig. 1.

Fig. 9 is a diagrammatic illustration showing a procedure for a
key delivery and a key receipt signing in the digital information
protection of Fig. 1 according to the first embodiment.

Fig. 10 is a diagrammatic illustration showing a procedure for a
work key WK request in the digital information protection of
Fig. 1 according to the first embodiment.

Fig. 11 is a diagrammatic illustration showing a procedure for an
information delivery and an information utilization in the digital
information protection of Fig. 1 according to the first
embodiment.

Fig. 12 is a diagrammatic illustration showing a procedure for an
information delivery and storage and an information center
authentication in the digital information protection of Fig. 1
according to the second embodiment.

Fig. 13 is a diagrammatic illustration showing a procedure for a
signing and a delivery certification preparation in the digital
information protection of Fig. 1 according to the second
embodiment.

Fig. 14 is a diagrammatic illustration showing a procedure for a
key delivery and a delivery certification in the digital
information protection of Fig. 1 according to the second
embodiment.

Fig. 15 is a diagrammatic illustration showing a procedure for an
information utilization in the digital information protection of
Fig. 1 according to the second embodiment when an information to
be utilized is stored in the information terminal device.

Fig. 16 is a diagrammatic illustration showing a procedure for an
information utilization in the digital information protection of
Fig. 1 according to the second embodiment when an information to
be utilized is not stored in the information terminal device.



DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

Referring now to Fig. 1 to Fig. 11, the first embodiment of the
digital information protection system according to the present
invention will be described in detail.

In this first embodiment, the digital information protection
system has an overall configuration as shown in Fig. 1, which
comprises an information center 1, an information terminal device
2 connected with the information center 1, and a computer card 3
to be connected to the information terminal device 2. In addition,
there is also provided a certificate authority 4 which will be
necessary only in a preliminary stage at a time of utilizing the
public key cryptosystem as will be described below.

The information center 1 stores a large number of 
digital information supplied from information providers, 
and manages them in a manner of a database. 

The information terminal device 2 is equipped with an image
display device, a speech output device, etc. necessary in
utilizing the digital information, and provided at a home of each
user. The information center 1 and the information terminal device
2 are connected through a communication network such that they can
communicate with each other through the communication network.

The computer card 3 is to be detachably connected to the
information terminal device 2, and capable of internally storing
data indicating a trade content regarding which information has
been purchased. This computer card 3 is owned by each user, and
each user can utilize the purchased digital information (such as
video, music, etc.) by sending it from the information center 1 to
the information terminal device 2 by connecting this computer card
3 to the information terminal device 2.

The information center 1 has an internal configuration as shown in
Fig. 2, which includes: an information input unit 11 for entering
an information to be utilized; an information storage unit 12 for
storing the information to be utilized; an information encryption
unit 13 for encrypting the information to be utilized; a WK
generation unit 14 for generating a work key WK to be used at a
time of encrypting the information to be utilized; a public
conversion unit 15 for encrypting the work key WK; a signature
conversion unit 16 for converting a signature to indicate that the
encrypted work key WK belongs to the information center 1; a
memory 17 for storing a public key of the information center 1, a
certificate of the public key issued by the certificate authority
4, intermediate results of computations, etc.; a CPU 18 for
controlling the information center 1 as a whole and executing the
hash algorithm; a public key verification unit 19 for verifying
the public key of the computer card 3, etc.; and a network
input/output unit 20 for carrying out exchanges with the network.

The information terminal device has an internal configuration as
shown in Fig. 3, which includes: a card input/output unit 21 for
carrying out exchanges with the computer card 3; a decryption key
extraction unit 22 for carrying out the decryption of the public
key cryptosystem; an information decryption unit 23 for carrying
out the decryption of the information to be utilized; an
information output unit 24 for outputting the decrypted
information; an image display device 25a; a speech output device
25b; a secret protection mechanism 26 for physically protecting
the secrecy of the decryption key extraction unit 22, the
information decryption unit 23, and the information output unit
24; an information storage unit 27 for storing the information to
be utilized in an encrypted state; a network input/output unit 28
for carrying out exchanges with the network; a memory 29 for
storing a public key of the information terminal device 2, the
certificate of the public key issued by the certificate authority
4, intermediate results of computations, etc.; a CPU 30 for
controlling the information terminal device 2 as a whole and
executing the random number generation and the hash algorithm.

The computer card 3 has an internal configuration as shown in
Fig. 4, which includes: a public key verification device 31 for
verifying the public key as a proper one according to the
certificate issued by the certificate authority 4; a public key
cryptosystem device 32 for applying the encryption and the
signature conversion; a communication device 33 for making a
communication with the information terminal device 2; a password
matching device 34 for carrying out the password matching for the
user authentication; a decryption key registration device 35 for
registering the decryption key of the purchased information; a
memory 36 for storing a public key of the computer card 3, the
certificate of the public key issued by the certificate authority
4, intermediate results of computations, etc.; a CPU 37 for
controlling the computer card 3 as a whole and executing the
random number generation, etc.; a voltage monitoring device 38 for
monitoring a voltage necessary in maintaining data such as the
secret key, etc.; and a battery 39 as a back-up power source.

This digital information protection system of the first embodiment
is operated according to the following information utilization
protocol based on the digital information protection scheme of the
present invention.

(Preparatory set up)

In the following, a conversion for encrypting a message M by a key
K to obtain an encrypted message C will be denoted as C = EK(M),
and a conversion for decrypting the encrypted message C to obtain
the original message M will be denoted as M = DK(C). In
particular, in a case of utilizing the public key cryptosystem,
the encryption will be denoted as C = EKp(M) and the decryption
will be denoted as M = DKs(C). The latter can also be used as the
signature conversion as well.

The computer card 3 registers in advance its identifier IDu, its
public key Kpu, a certificate Xpu of the public key Kpu, a public
key Kpc of the certificate authority 4, and its secret key Ksu,
where the secret key Ksu in particular is registered into a write
only region within the public key cryptosystem device 32 which is
a protected area that cannot be read out freely. The certificate
Xpu is obtained as Xpu = DKsc(Kpu) when the public key Kpu is
authenticated by the certificate authority 4, where the Ksc is a
secret key of the certificate authority 4 which is kept in secret
at the certificate authority 4.

Similarly, the information terminal device 2 registers in advance
its identifier IDs, its public key Kps, a certificate Xps of the
public key Kps, a public key Kpc of the certificate authority 4,
and its secret key Kss, while the information center 1 registers
in advance its identifier IDm, its public key Kpm, a certificate
Xpm of the public key Kpm, a public key Kpc of the certificate
authority center 4, and its secret key Ksm. Also, the computer
card 3 registers data (such as a password) for authenticating the
user in a state that cannot be read out illegally, by encrypting
it for example.

(Mutual authentication between the computer card 3 and 
the information terminal device 2) 

First, the mutual authentication between the computer card 3 and
the information terminal device 2 is carried out according to the
procedure shown in Fig. 5 as follows.

When the computer card 3 is connected to the information terminal
device 2 by being inserted therein, the random number R, the
public key Kps of the information terminal device 2 and its
certificate Xps, and the identifier IDs of the information
terminal device 2 are sent from the information terminal device 2
to the computer card 3.

Then, the computer card 3 judges whether the public key Kps of the
information terminal device 2 is a proper one or not by certifying
that the public key Kps of the information terminal device 2 and
its certificate Xps are consistent, by utilizing the public key
Kpc of the certificate authority 4 registered therein. When it is
judged as a proper one, the signature encryption conversion is
applied to the random number R sent from the information terminal
device 2, and T = EKps(DKsu(R)) or DKsu(EKps(R)), the public key
Kpu of the computer card 3 and its certificate Xpu, and the
identifier IDu of the computer card 3 are sent from the computer
card 3 to the information terminal device 2.

The information terminal device 2 certifies that the public key
Kpu of the computer card 3 is a proper one by utilizing the public
key Kpc of the certificate authority 4 registered therein, and
then judges whether the connected computer card 3 is correctly
that of the identifier IDu or not by certifying whether T sent
from the computer card 3 is consistent with R sent to the computer
card 3.

Here, when this certification fails (i.e., a result is NG), the
information terminal device 2 indicates an error and ejects the
computer card 3.
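
The Fig. 5 exchange written out as an added example (not code from the patent), using the form T = EKps(DKsu(R)). Toy textbook RSA over small Mersenne primes stands in for the public key cryptosystem, and signing a SHA-256 digest of the key when forming the certificate is an assumption; all function names are illustrative.

```python
import hashlib
import secrets
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key below


@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus (public part, together with E)
    d: int  # secret exponent (the secret key Ks)

    @property
    def public(self):
        return (self.n, E)


def make_key(p_bits, q_bits):
    """Toy key from two Mersenne primes 2^k - 1; far too small for real use."""
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return KeyPair(p * q, pow(E, -1, (p - 1) * (q - 1)))


def E_Kp(pub, m):
    """Public conversion C = EKp(M)."""
    n, e = pub
    return pow(m, e, n)


def D_Ks(key, c):
    """Secret conversion M = DKs(C), also used as the signature conversion."""
    return pow(c, key.d, key.n)


def key_digest(pub, modulus):
    # Assumption: the CA signs a SHA-256 digest of the key, reduced mod its modulus.
    data = f"{pub[0]}:{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus


def issue_certificate(ca, pub):
    """Certificate authority 4: Xp = DKsc(Kp), applied to the key digest."""
    return D_Ks(ca, key_digest(pub, ca.n))


def certificate_ok(ca_pub, pub, cert):
    """Check that a key and its certificate are consistent, using Kpc."""
    return E_Kp(ca_pub, cert) == key_digest(pub, ca_pub[0])


def new_challenge():
    # R stays below every card modulus used here; 0 and 1 are RSA fixed points.
    return secrets.randbelow(2**40 - 2) + 2


def card_respond(card, card_cert, ca_pub, r, term_pub, term_cert):
    """Card side: verify Kps against Xps, then return (T, Kpu, Xpu)."""
    if not certificate_ok(ca_pub, term_pub, term_cert):
        return None  # terminal key is not vouched for by the CA
    t = E_Kp(term_pub, D_Ks(card, r))  # T = EKps(DKsu(R))
    return t, card.public, card_cert


def terminal_verify(term, ca_pub, r, response):
    """Terminal side: verify Kpu against Xpu, then check T against R."""
    if response is None:
        return False
    t, card_pub, card_cert = response
    if not certificate_ok(ca_pub, card_pub, card_cert):
        return False
    return E_Kp(card_pub, D_Ks(term, t)) == r  # EKpu(DKss(T)) == R


def run_cases(r=None):
    """Return, per constructed case, whether the exchange is accepted."""
    ca = make_key(107, 127)
    term = make_key(61, 89)   # modulus larger than the card's, so DKsu(R) fits
    card = make_key(19, 31)
    clone = make_key(13, 17)  # holds a copy of Kpu and Xpu, but not Ksu
    term_cert = issue_certificate(ca, term.public)
    card_cert = issue_certificate(ca, card.public)
    r = new_challenge() if r is None else r

    genuine = card_respond(card, card_cert, ca.public, r, term.public, term_cert)
    clone_t = E_Kp(term.public, D_Ks(clone, r))
    altered = card_respond(card, card_cert, ca.public, r, term.public, term_cert ^ 1)
    return {
        "genuine card": terminal_verify(term, ca.public, r, genuine),
        "copied Kpu/Xpu without Ksu": terminal_verify(
            term, ca.public, r, (clone_t, card.public, card_cert)),
        "altered terminal certificate": altered is not None,
    }


if __name__ == "__main__":
    for case, accepted in run_cases().items():
        print(f"{case}: {'OK' if accepted else 'NG'}")
```

The second case shows why the check on T matters in addition to the certificate check: Kpu and Xpu are public values, so only the conversion of a fresh R with Ksu distinguishes the card that holds the secret key.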

(User authentication)

Next, the user authentication is carried out according to the
procedure shown in Fig. 6 as follows.

The user enters a password Pswd into the information terminal
device 2, and the information terminal device 2 sends the entered
password Pswd to the computer card 3 to judge whether the entered
password Pswd is a correct one coinciding with the password
registered in the computer card 3 in advance. When the entered
password Pswd is a correct one, it is judged that the user is a
proper user, and a menu data is displayed to the user.

In this procedure, the password input errors are allowed for a
prescribed number of times, such as three times, and when the
password input was tried three times unsuccessfully, the error
processing to indicate an error and eject the computer card 3 is
carried out as there is a possibility for this user to be an
improper user. In addition, when this error processing caused by
three unsuccessful trials is repeated for a prescribed number of
times, such as five times, this user is judged as an improper user
and the computer card 3 is invalidated.

Here, it is also possible to use different user authentication
schemes. For example, it is possible to use a scheme in which the
predetermined password is encrypted and stored in the computer
card 3, and whether an encrypted result of the character string
entered at the information terminal device 2 coincides with the
stored encrypted password or not is checked, or whether the
character string entered at the information terminal device 2
coincides with a decryption result of the stored encrypted
password or not is checked.

It is also possible to use a scheme in which the predetermined
password is stored in the computer card 3 either in an encrypted
state or in a non-encrypted state, the character string entered at
the information terminal device 2 is communicated from the
information terminal device 2 to the computer card 3 by means of
the cipher communication, whether the communicated character
string coincides with the stored one or not is checked at the
computer card 3, a parity of a random number generated according
to whether the communicated character string coincides with the
stored one or not is adjusted in the known manner, and this random
number is communicated from the computer card 3 to the information
terminal device 2 by means of the cipher communication.

It is also possible to use a scheme in which the predetermined
password is stored in the computer card 3 either in an encrypted
state or in a non-encrypted state, a sum or an exclusive OR of the
character string entered at the information terminal device 2 and
a random number generated at the information terminal device 2 is
calculated, this calculation result is communicated from the
information terminal device 2 to the computer card 3 by means of
the cipher communication, a difference or an exclusive OR of the
communicated calculation result and the password registered in
advance is calculated at the computer card 3 and an obtained value
is returned from the computer card 3 to the information terminal
device 2, and whether the returned value coincides with the
generated random number or not is checked at the information
terminal device 2.



(User's selection)

Next, the user's selection is carried out according to the
procedure shown in Fig. 7 as follows.

Namely, the user selects the desired information from the menu
data displayed by the information terminal device 2.

(Information request)

Next, the information request is carried out according to the
procedure shown in Fig. 8 as follows.

The information terminal device 2 sends a set RKX including the
information identifier Req for the information selected by the
user (which can be given by an internationally valid code such as
an international recording code ISRC for the music information, or
an identification number assigned by the information provider that
can uniquely identify the information, etc.), and the public key
Kpm of the information center 1 and its certificate Xpm, to the
computer card 3.

Then, the computer card 3 certifies that the public key Kpm of the
information center 1 and its certificate Xpm are consistent by
using the public key Kpc of the certificate authority 4 registered
therein, signs Req, and obtains RQS = DKsu(Req). Then, the
computer card 3 encrypts this RQS by the public key Kpm of the
information center 1 to obtain Ru = EKpm(RQS), and sends this Ru
to the information terminal device 2.

When Ru is received, the information terminal device 2 sends this
Ru along with the public key Kpu of the computer card 3 and its
certificate Xpu to the information center 1. Then, the information
center 1 certifies that the public key Kpu of the computer card 3
and its certificate Xpu that are sent from the information
terminal device 2 are consistent, and obtains RQS = DKsm(Ru).
Then, the information center 1 obtains Req = EKpu(RQS), and
retrieves the information specified by the obtained Req.

(Key delivery and key receipt signing)

Next, the key delivery and the key receipt signing are carried out
according to the procedure shown in Fig. 9 as follows.

The information center 1 generates the work key WK for encrypting
the information to be utilized, encrypts this work key WK by the
public key Kpu of the computer card 3, signs Ck = EKpu(WK), and
sends this Ck along with SKm = DKsm(Ck) to the computer card 3 via
the information terminal device 2.

Then, the computer card 3 verifies whether the signature is
correct or not, obtains the work key WK by decrypting Ck, and
sends Su = DKsu(SKm) to the information center 1 via the
information terminal device 2 as a receipt signature for the work
key WK. Meanwhile, the obtained work key WK is stored in the
computer card 3 along with the information identifier Req in a
state that cannot be read out illegally, by encrypting it for
example.



(Work key WK request)

Next, the work key WK request is carried out according to the
procedure shown in Fig. 10 as follows.

Namely, after the information terminal device 2 sent Su to the
information center 1, the information terminal device 2 sends a WK
request message ReqW containing a random number r to the computer
card 3.

(Information delivery and information utilization) 

Next, the information delivery and the information utilization are
carried out according to the procedure shown in Fig. 11 as
follows.

The computer card 3 concatenates the random number r contained in
the WK request message ReqW and the work key WK, encrypts them by
the public key Kps of the information terminal device 2, and sends
the resulting V = EKps(WK, r) to the information terminal device
2.

Then, at the information terminal device 2, after V is decrypted
by using the secret key Kss of the information terminal device 2,
whether the random number r coincides with that contained in the
WK request message ReqW or not is checked, and the work key WK is
set.
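
The work key hand-off above binds V to the random number r of the current ReqW, so a V recorded from an earlier session is refused. The following Python sketch is an added example, not code from the patent: it stands in unpadded toy RSA on constructed small keys for EKps and decryption by Kss, and the class name, function names, and the 64-bit sizes of WK and r are assumptions.

```python
import secrets

# Constructed toy RSA key pair of the information terminal device 2
# (Kps public, Kss secret). Unpadded RSA on small, publicly known primes
# only keeps the example self-contained; it is not a secure cipher.
P, Q = 2**89 - 1, 2**107 - 1
N_S = P * Q
KPS = 65537
KSS = pow(KPS, -1, (P - 1) * (Q - 1))

WK_BITS = 64   # toy work key size (assumption)
R_BITS = 64    # size of the random number r in ReqW (assumption)


def card_answer(wk, r):
    """Computer card 3: V = EKps(WK, r), WK and r concatenated, then encrypted."""
    if wk >> WK_BITS or r >> R_BITS:
        raise ValueError("WK or r does not fit the agreed field size")
    return pow((wk << R_BITS) | r, KPS, N_S)


class Terminal:
    """Information terminal device 2: issues ReqW and checks r before setting WK."""

    def __init__(self):
        self._pending_r = None

    def make_reqw(self):
        """Generate a fresh random number r for one WK request message ReqW."""
        self._pending_r = secrets.randbits(R_BITS)
        return self._pending_r

    def accept(self, v):
        """Decrypt V with Kss; return WK only if r matches the outstanding ReqW."""
        expected, self._pending_r = self._pending_r, None  # one use per ReqW
        if expected is None:
            return None
        m = pow(v, KSS, N_S)
        wk, r = m >> R_BITS, m & ((1 << R_BITS) - 1)
        if r != expected or wk >> WK_BITS:
            return None
        return wk


if __name__ == "__main__":
    terminal = Terminal()
    work_key = secrets.randbits(WK_BITS)
    v_first = card_answer(work_key, terminal.make_reqw())
    print("fresh V accepted:", terminal.accept(v_first) == work_key)
    terminal.make_reqw()
    print("replayed V accepted:", terminal.accept(v_first) is not None)
```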

On the other hand, when the work key receipt signature Su is
received, the information center 1 divides the information I into
processing units, encrypts each processing unit of this
information I by the work key WK, applies a hash function h() to
C = EWK(I), signs this h(C), and sends C and SIm = DKsm(h(C)) to
the information terminal device 2. Then, the information terminal
device 2 verifies that this signature is correct, and decrypts the
encrypted information C.

Here, the secrecy is physically maintained from a device for
decrypting by using the secret key Kss to a device for decrypting
by using the work key WK. To this end, this section, i.e., the
secret protection mechanism 26 of the information terminal device
2 shown in Fig. 3, can be set in a safe box and sealed, or it is
possible to adopt a scheme disclosed in R. Mori and M. Kawahara:
"Superdistribution: The concept and the Architecture", Trans.
IEICE, Vol. E73, No. 7, pp. 1133-1146, July 1990.

When C is decrypted, a signature of the information terminal
device 2 is attached to it, and ACK = DKss(h(C)) is returned to
the information center 1. Then, the information center 1 certifies
that ACK is a proper one, and records Ru, Su, and ACK as a ground
for charging. The information center 1 then continues the
processing for the next processing unit after the return of ACK is
confirmed.

As described, according to this first embodiment, the encrypted
information itself and the decryption key are separated while the
decryption key is safely stored within the computer card 3. As a
result, the information will not be leaked to the third party
because the information is delivered in an encrypted state, and
the illegal copying will be difficult because the decryption key
is confined within the computer card 3 and it is difficult even
for the legitimate user to learn the decryption key while the
decryption of the information and the decryption of the work key
WK are carried out at devices which are physically sealed within
the information terminal device 2.

Consequently, it is possible to construct a system that can be
utilized by the information provider without any anxiety. In
addition, there is no disadvantage from the user's standpoint, and
the desired information can be utilized by making an access to the
information center even when it is not available at the
information terminal device located nearby, so that there is an
advantage that the information becomes available from any
information terminal device.

Referring now to Fig. 12 to Fig. 16, the second embodiment of the
digital information protection system according to the present
invention will be described in detail.

In this second embodiment, the digital information protection
system has an overall configuration similar to that of the first
embodiment shown in Fig. 1. In this second embodiment, the
information center 1 has an internal configuration similar to that
shown in Fig. 2 described above except that the CPU 18 also
executes an information conversion for the delivery certification.
Also, the information terminal device 2 has an internal
configuration substantially similar to that shown in Fig. 3
described above. Also, the computer card 3 has an internal
configuration similar to that shown in Fig. 4 described above
except that the CPU 37 also executes an information conversion for
the delivery certification.

This digital information protection system of the sec- 
ond embodiment is operated according to the following 
information utilization protocol based on the digital infor- 
mation protection scheme of the present invention. 

(Preparatory set up) 

In this second embodiment, the computer card 3 registers in
advance its identifier IDu, its public key Kpu, a certificate Xpu
of the public key Kpu, a public key Kpc of the certificate
authority 4, its secret key Ksu, a secret information S, and a
public information n', where the secret key Ksu and the secret
information S in particular are registered into a write only
region within the public key cryptosystem device 32 which is a
protected area that cannot be read out freely. Here, IDu, S, and
n' have a relationship of IDu = mod n', and n' is a product of two
large prime numbers which has a size of several hundred bits.

The rest of the preparatory set up is substantially 
similar to that of the first embodiment described above. 

(Mutual authentication between the computer card 3 and
the information terminal device 2)

First, the mutual authentication between the computer card 3 and
the information terminal device 2 is carried out substantially as
the procedure shown in Fig. 5 described above.

(User authentication) 

Next, the user authentication is carried out substantially as the
procedure shown in Fig. 6 described above.

(User's selection) 

Next, the user's selection is carried out substantially as the
procedure shown in Fig. 7 described above.

(Information request) 

Next, the information request is carried out substantially as the
procedure shown in Fig. 8 described above.

(Information delivery and storage, and information center
authentication)

Next, the information delivery and storage and the information
center authentication are carried out according to the procedure
shown in Fig. 12 as follows.

The information center 1 generates the work key WK for encrypting
the information I to be utilized and encrypts this information I
to obtain C = EWK(I), and stores this encrypted information C in
the information storage unit 12. Also, in order to indicate that
this encrypted information C is surely what is sent out from the
information center 1, a signature of the information center 1 is
attached to this encrypted information C. Here, the attaching of
the signature to the entire encrypted information is inefficient,
so that the signature is attached with respect to h(C) in which
the amount of C is reduced by the one-way random hash algorithm h,
in a manner of SIm = DKsm(h(C)). Then, the information center 1
sends C and SIm obtained in this manner to the information
terminal device 2.

The information terminal device 2 then applies the hash algorithm
h to the encrypted information C received from the information
center 1 to obtain h(C), and sends this h(C) along with the SIm
received from the information center 1 to the computer card 3.

The computer card 3 then verifies whether this signature is
correct or not by checking whether EKpm(SIm) coincides with h(C)
by using the public key Kpm of the information center 1, and
registers the information identifier Req, and the encrypted
identifier IDs of the information terminal device 2.

(Signing and delivery certification preparation) 

Next, the signing and the delivery certification preparation are
carried out according to the procedure shown in Fig. 13 as
follows.

The computer card 3 signs the hashed and encrypted information
h(C) by using the secret key Ksu of the computer card 3 in order
to notify the information center 1 that the encrypted information
C has been stored in the information terminal device 2, in a
manner of Su = DKsu(h(C)), and sends this to the information
center 1 via the information terminal device 2.

The information center 1 then verifies whether this 
signature Su is correct or not by checking whether 
EKpu(Su) coincides with h(C). 

Next, for the purpose of the delivery certification, the computer
card 3 generates a random number ri (i = 0, 1, ..., t-1) and
obtains Xi = ri^2 mod n', and sends XX = (X0|X1|...|X(t-1)) to the
information center 1 via the information terminal device 2, where
t is a number of bits in the work key WK, and a symbol | denotes a
concatenation.

(Key delivery and delivery certification) 

Next, the key delivery and the delivery certification are carried
out according to the procedure shown in Fig. 14 as follows.

The information center 1 obtains EE = WK || h(XX, RQS) from XX,
RQS, and WK, where a symbol || denotes an exclusive OR for each
bit, and then divides this EE bit by bit and sets each bit as ei
(i = 0, 1, ..., t-1).

Then, the information center 1 sends e0 to the computer card 3
first. In response, the computer card 3 calculates
Y0 = S^e0 * r0 mod n' from the received e0, and returns this Y0 to
the information center 1. Here, S is defined such that
IDu = mod n' holds.

When Y0 is received from the computer card 3, the information
center 1 verifies whether Y0^2 = IDu^e0 * X0 (mod n') holds or
not. When this relationship holds, the information center 1 sends
e1 to the computer card 3 next and carries out the verification
for Y1 in the similar manner. This operation is repeated for t
times, until Y(t-1) is verified. After Y(t-1) is verified, the
information center 1 records Ru, Su, ei, and Yi (i = 0, 1, ...,
t-1) as the ground for charging.

On the other hand, the computer card 3 obtains EE by concatenating
the received ei as EE = (e0|e1|...|e(t-1)), obtains WK from this
EE as WK = EE || h(XX, RQS), and registers this WK in
correspondence to Req and IDs.

It is to be noted that in the above procedure, a manner of sending
ei bit by bit has been described as a simple manner of sending ei,
but it is also possible to send some number of bits together
instead.
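
The bit-by-bit key delivery and delivery certification can be traced end to end in code, including the later re-check of the stored (ei, Yi) record that serves as the ground for charging. The following Python sketch is an added example, not code from the patent: it assumes IDu = S^2 mod n' and Xi = ri^2 mod n', the relations under which the check Yi^2 = IDu^ei * Xi (mod n') holds, uses SHA-256 truncated to t bits as a stand-in for h, and uses a constructed toy modulus, t = 64, and a constructed RQS value; all function and class names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy modulus n' (assumption): product of two known Mersenne
# primes. A real card would use secret primes of several hundred bits.
N_PRIME = (2**89 - 1) * (2**107 - 1)
T = 64  # t: number of bits in the work key WK (toy size)


def h_bits(xx, rqs, t=T):
    """h(XX, RQS) reduced to t bits; SHA-256 stands in for the hash h."""
    data = b"|".join(str(x).encode() for x in xx) + b"#" + rqs
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - t)


class ComputerCard:
    def __init__(self, n):
        self.n = n
        self.s = secrets.randbelow(n - 2) + 2   # secret information S
        self.id_u = pow(self.s, 2, n)           # assumed: IDu = S^2 mod n'

    def commit(self, t=T):
        """Pick r_i and return XX = (X_0|...|X_{t-1}) with X_i = r_i^2 mod n'."""
        self.r = [secrets.randbelow(self.n - 2) + 2 for _ in range(t)]
        self.xx = [pow(r, 2, self.n) for r in self.r]
        self.ee = 0
        return self.xx

    def respond(self, i, e_i):
        """Answer bit e_i with Y_i = S^e_i * r_i mod n'."""
        self.ee = (self.ee << 1) | e_i          # rebuild EE = (e_0|...|e_{t-1})
        return (pow(self.s, e_i, self.n) * self.r[i]) % self.n

    def recover_wk(self, rqs):
        """WK = EE xor h(XX, RQS), complete only after all t rounds."""
        return self.ee ^ h_bits(self.xx, rqs, len(self.xx))


def check_round(id_u, n, x_i, e_i, y_i):
    """Information center's test: Y_i^2 == IDu^e_i * X_i (mod n')."""
    return pow(y_i, 2, n) == (pow(id_u, e_i, n) * x_i) % n


def deliver_work_key(card, wk, rqs, t=T):
    """Center side: send EE bit by bit, verify each Y_i, return (XX, record)."""
    xx = card.commit(t)
    ee = wk ^ h_bits(xx, rqs, t)
    record = []
    for i in range(t):
        e_i = (ee >> (t - 1 - i)) & 1           # e_0 is the top bit of EE
        y_i = card.respond(i, e_i)
        if not check_round(card.id_u, card.n, xx[i], e_i, y_i):
            raise ValueError(f"round {i}: delivery certificate rejected")
        record.append((e_i, y_i))
    return xx, record


def audit(record, xx, rqs, id_u, n):
    """Re-check a stored record; return the WK it certifies, or None."""
    if len(record) != len(xx):
        return None
    ee = 0
    for x_i, (e_i, y_i) in zip(xx, record):
        if not check_round(id_u, n, x_i, e_i, y_i):
            return None
        ee = (ee << 1) | e_i
    return ee ^ h_bits(xx, rqs, len(xx))


if __name__ == "__main__":
    rqs = b"constructed-RQS"                    # constructed sample value
    card = ComputerCard(N_PRIME)
    wk = secrets.randbits(T)
    xx, record = deliver_work_key(card, wk, rqs)
    print("card recovered WK:", card.recover_wk(rqs) == wk)
    print("record certifies WK:", audit(record, xx, rqs, card.id_u, N_PRIME) == wk)
```

A record in which any ei has been altered no longer passes `audit`, because each stored Yi only satisfies the check for the bit the card actually answered.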



(Information utilization) 

Next, in a case the information to be utilized is stored in the
information terminal device 2, the information utilization is
carried out according to the procedure shown in Fig. 15 as
follows.

When the user utilizes the information, the computer card 3 is
connected to the information terminal device 2 and this
information terminal device 2 is operated. At this point, the WK
request message ReqW containing a random number r is sent from the
information terminal device 2 to the computer card 3. Then, the
computer card 3 concatenates the random number r contained in the
WK request message ReqW and the work key WK, encrypts them by the
public key Kps of the information terminal device 2, and sends the
resulting V = EKps(WK, r) to the information terminal device 2.

Then, at the information terminal device 2, after V is decrypted
by using the secret key Kss of the information terminal device 2,
whether the random number r coincides with that contained in the
WK request message ReqW or not is checked, and the work key WK is
set. Then, the information terminal device 2 decrypts the
encrypted information C stored therein by using this work key WK
to put the information in a utilizable state.

Here, the secrecy is physically maintained from a device for
decrypting by using the secret key Kss to a device for decrypting
by using the work key WK. To this end, this section, i.e., the
secret protection mechanism 26 of the information terminal device
2 shown in Fig. 3, can be set in a safe box and sealed, or it is
possible to adopt a scheme disclosed in R. Mori and M. Kawahara:
"Superdistribution: The concept and the Architecture", Trans.
IEICE, Vol. E73, No. 7, pp. 1133-1146, July 1990.

In this manner, the legitimate user can utilize the information
stored in the information terminal device 2 whenever necessary, as
long as the user has the proper computer card 3.

(Information utilization in a case the information to be
utilized is not in the information terminal device 2)

Next, in a case the information to be utilized is not stored in
the information terminal device 2, the information utilization is
carried out according to the procedure shown in Fig. 16 as
follows.

After the information request is made according to the procedure
of Fig. 8 described above, the computer card 3 checks whether that
information identifier Req is registered therein or not. If this
information identifier Req is registered, the information terminal
device identifier IDs' corresponding to this information
identifier Req is sent to the currently connected information
terminal device 2 with the identifier IDs. In response, this
information terminal device 2 with the identifier IDs sends the
information identifier Req to another information terminal device
2' with the identifier IDs' to have the encrypted information C
transferred from this another information terminal device 2'.
Thereafter, the information utilization according to the procedure
shown in Fig. 15 described above is carried out with respect to
this encrypted information C.

Alternatively, it is also possible to use the following procedure
for utilizing the information while the information is
transferred. Namely, after Su is sent out to the information
center 1, the information terminal device 2 sends the WK request
message ReqW containing a random number r to the computer card 3.
Then, the computer card 3 concatenates the random number r
contained in the WK request message ReqW and the work key WK,
encrypts them by the public key Kps of the information terminal
device 2, and sends the resulting V = EKps(WK, r) to the
information terminal device 2.

Then, at the information terminal device 2, after V is decrypted
by using the secret key Kss of the information terminal device 2,
whether the random number r coincides with that contained in the
WK request message ReqW or not is checked, and the work key WK is
set. Then, the information terminal device 2 decrypts the
encrypted information C by using this work key WK to put the
information in a utilizable state, and returns ACK to the computer
card 3 in order to indicate that the work key WK has been
received. At this point, it is also possible for the information
terminal device 2 to store the information while the information
is decrypted.

As described, according to this second embodiment, in addition to
the advantages that the information will not be leaked to the
third party and the illegal copying will be difficult as in the
first embodiment described above, it also becomes possible to
surely and accurately charge the information by means of the
delivery certification data.

Consequently, it is also possible to construct a system that can
be utilized by the information provider without any anxiety. In
addition, there is no disadvantage from the user's standpoint, and
the desired information can be utilized by making an access to the
information center even when it is not available at the
information terminal device located nearby, so that there is an
advantage that the information becomes available from any
information terminal device.

It is to be noted that the first and second embodiments described
above have been directed to a case of utilizing the public
communication channel such as ISDN, but the present invention is
equally applicable to a case of using the connection-less channel
such as a dedicated line.

It is also to be noted that the applicability of the present
invention is not limited to the computer software, and extends to
all kinds of a digital information delivery utilizing the
communication of the encrypted digital information.

It is also to be noted that besides those already mentioned above,
many modifications and variations of the above embodiments may be
made without departing from the novel and advantageous features of
the present invention. Accordingly, all such modifications and
variations are intended to be included within the scope of the
appended claims.

Claims 

1. A method for digital information protection in a system in
which a user makes an access to a digital information provided by
an information center, by connecting a computer card owned by the
user to an information terminal device connected with the
information center, the method comprising the steps of:

(a) carrying out a mutual authentication between the computer card
and the information terminal device;

(b) carrying out a user authentication by the computer card
through the information terminal device;

(c) sending an information request specifying the desired digital
information of the user from the information terminal device to
the information center by signing and encrypting an information
identifier for identifying the desired digital information;

(d) sending the work key for encrypting the desired digital
information from the information center to the computer card by a
cipher communication using a public key cryptosystem;

(e) obtaining and registering the work key sent from the
information center at the computer card, and sending a work key
receipt signature from the computer card to the information
center;

(f) receiving a work key request message containing a random
number from the information terminal device at the computer card,
encrypting the work key according to the random number, and
sending an encrypted work key from the computer card to the
information terminal device;

(g) encrypting the desired digital information specified by the
information request by using the work key at the information
center, and sending the encrypted digital information from the
information center to the information terminal device;

(h) receiving and decrypting the encrypted work key sent from the
computer card so as to obtain the work key at the information
terminal device, receiving and decrypting the encrypted digital
information sent from the information center by using the work
key, and providing the decrypted digital information to the user
at the information terminal device; and

(i) sending an encrypted information receipt signature from the
information terminal device to the information center, and
recording the information request, the work key receipt signature,
and the encrypted information receipt signature as a ground for
charging at the information center.

2. The method of claim 1, wherein at the steps (d) and (e), the
information center generates the work key, encrypts the work key
by a public key of the computer card, and sends a generated and
encrypted work key along with a signature of the information
center to the computer card via the information terminal device,
and the computer card verifies whether the signature of the
information center is correct or not, obtains the work key from
the generated and encrypted work key, sends the work key receipt
signature to the information center via the information terminal
device, and registers the work key along with the information
identifier.

3. The method of claim 1, wherein at the step (f), the information
terminal device sends the work key request message containing the
random number to the computer card, after the work key receipt
signature is sent from the computer card to the information center
via the information terminal device.

4. The method of claim 1, wherein at the step (f), the computer
card concatenates and encrypts the work key and the random number
by using a public key of the information terminal device, and
sends concatenated and encrypted work key and random number to the
information terminal device, and at the step (h), the information
terminal device decrypts the concatenated and encrypted work key
and random number, checks whether a decrypted random number
coincides with the random number contained in the work key request
message, and decrypts the encrypted digital information sent from
the information center by using a decrypted work key.

5. A method for digital information protection in a system in
which a user makes an access to a digital information provided by
an information center, by connecting a computer card owned by the
user to an information terminal device connected with the
information center, the method comprising the steps of:

(a) carrying out a mutual authentication between the computer card
and the information terminal device;

(b) carrying out a user authentication by the computer card
through the information terminal device;

(c) sending an information request specifying the desired digital
information of the user from the information terminal device to
the information center by signing and encrypting an information
identifier for identifying the desired digital information;

(d) encrypting the desired digital information specified by the
information request by using the work key at the information
center, and sending the encrypted digital information from the
information center to the information terminal device and the
computer card;

(e) receiving and storing the encrypted digital information sent
from the information center at the information terminal device,
and sending an information receipt signature from the computer
card to the information center via the information terminal
device;

(f) delivering the work key for encrypting the desired digital
information from the information center to the computer card, and
obtaining and registering the work key sent from the information
center at the computer card, while returning a delivery
certificate from the computer card to the information center;

(g) receiving a work key request message containing a random
number from the information terminal device at the computer card,
encrypting the work key according to the random number, and
sending an encrypted work key from the computer card to the
information terminal device;

(h) receiving and decrypting the encrypted work key sent from the
computer card so as to obtain the work key at the information
terminal device, decrypting the encrypted digital information
stored in the information terminal device by using the work key,
and providing the decrypted digital information to the user at the
information terminal device; and

(i) sending an encrypted information receipt signature from the
information terminal device to the information center, and
recording the information request, the encrypted information
receipt signature, and the delivery certificate as a ground for
charging at the information center.

6. The method of claim 1 or 5, wherein at the step (a), the mutual
authentication between the computer card and the information
terminal device is realized by sending a random number generated
by the information terminal device to the computer card, signing
and encrypting the random number at the computer card and
returning a signed and encrypted random number to the information
terminal device, and checking whether the signed and encrypted
random number is consistent with the random number at the
information terminal device.

7. The method of claim 1 or 5, wherein at the step (b), the user
authentication by the computer card is realized by storing a
prescribed password in the computer card, checking whether a user
input entered at the information terminal device coincides with
the prescribed password at the computer card, executing an error
processing when an erroneous user input is repeated for a
prescribed number of times, and invalidating the computer card
when the error processing is repeated for a predetermined number
of times.

8. The method of claim 1 or 5, wherein at the step (b), the user
authentication by the computer card is realized by storing a
prescribed password in an encrypted state in the computer card,
and checking whether a user input entered at the information
terminal device coincides with the prescribed password in a
decrypted state at the computer card, or checking whether a user
input entered and encrypted at the information terminal device
coincides with the prescribed password in the encrypted state at
the computer card.

9. The method of claim 1 or 5, wherein at the step (b), the user
authentication by the computer card is realized by storing a
prescribed password in the computer card, sending a user input
entered at the information terminal device to the computer card by
a cipher communication, checking whether the user input coincides
with the prescribed password at the computer card, adjusting a
parity of a random number generated according to whether the user
input coincides with the prescribed password at the computer card,
and sending the random number to the information terminal device
by a cipher communication.

10. The method of claim 1 or 5, wherein at the step (b), the user
authentication by the computer card is realized by storing a
prescribed password in the computer card, sending a first value
indicating a sum or an exclusive OR of a user input entered at the
information terminal device and a random number generated at the
information terminal device to the computer card by a cipher
communication, sending a second value indicating a difference or
an exclusive OR of the first value and the prescribed password at
the computer card to the information terminal device, and checking
whether the second value coincides with the random number at the
information terminal device.

11. The method of claim 1 or 5, wherein at the step (c), the
information terminal device sends the information identifier, a
public key of the information center, and a certificate for the
public key of the information center to the computer card, the
computer card signs and encrypts the information identifier by
using a secret key of the computer card and the public key of the
information center and returns a signed and encrypted information
identifier to the information terminal device, and the information
terminal device sends the signed and encrypted information
identifier along with a public key of the computer card and a
certificate for the public key of the computer card to the
information center, so as to prevent an improper access to the
information center.

12. The method of claim 5, wherein at the step (c), the
information terminal device sends the information identifier, a
public key of the information center, and a certificate for the
public key of the information center to the computer card, the
computer card signs the information identifier and encrypts a
signed information identifier by using a secret key of the
computer card and the public key of the information center and
returns a signed and encrypted information identifier to the
information terminal device, the information terminal device sends
the signed and encrypted information identifier along with a
public key of the computer card and a certificate for the public
key of the computer card to the information center, and the
information center decrypts the signed and encrypted information
identifier to obtain the signed information identifier and
utilizes the signed information identifier in delivering the work
key and obtaining the delivery certificate at the step (f).

13. The method of claim 5, wherein at the steps (d) and
(e), the information center generates the work key,
encrypts the desired digital information by the work
key, and sends the encrypted digital information
along with a signature in which the encrypted digital
information is compressed and signed to the information
terminal device, the information terminal
device stores the encrypted digital information while
the computer card verifies whether the signature is
correct or not, and registers the information identifier
along with an identifier for the information terminal
device.

14. The method of claim 5, wherein at the step (e), the
computer card signs a compressed and encrypted
digital information to obtain the encrypted information
receipt signature, and sends the encrypted
information receipt signature to the information
center, and the information center verifies the
encrypted information receipt signature to confirm
that the encrypted digital information has been correctly
stored in the information terminal device and
the information identifier for the encrypted digital
information has been registered in the computer
card.

15. The method of claim 5, wherein at the step (f), the
delivery certificate certifies that the work key has
been correctly delivered from the information center
to the computer card.

16. The method of claim 5, wherein at the step (g), the
computer card concatenates and encrypts the work
key and the random number by using a public key of
the information terminal device, and sends concatenated
and encrypted work key and random number
to the information terminal device, and at the step
(h), the information terminal device decrypts the
concatenated and encrypted work key and random
number, checks whether a decrypted random
number coincides with the random number contained
in the work key request message, and
decrypts the encrypted digital information stored in
the information terminal device by using a decrypted
work key.

17. The method of claim 5, further comprising the step
of:

transferring another encrypted digital information
stored in another information terminal device
to the information terminal device; and

storing said another encrypted digital information
transferred at the transferring step in the
information terminal device such that said another
encrypted digital information can be utilized at the
information terminal device by carrying out the steps
(f) to (i) with respect to said another encrypted digital
information.

18. The method of claim 5, further comprising the step
of:

transferring another encrypted digital information
stored in another information terminal device
to the information terminal device; and

carrying out the steps (f) to (i) with respect to
said another encrypted digital information transferred
at the transferring step.

19. A method for digital information protection in a system
in which a user makes an access to a digital
information provided by an information center, by
connecting a computer card owned by the user to
an information terminal device connected with the
information center, the method comprising the steps
of:

delivering a work key for encrypting a desired
digital information from the information center to the
computer card through the information terminal
device, and registering the work key in the computer
card;

delivering the desired digital information
encrypted by the work key from the information
center to the information terminal device; and

decrypting an encrypted digital information
delivered from the information center at the information
terminal device by using the work key registered
in the computer card, and providing a decrypted digital
information to the user at the information terminal
device.



20. The method of claim 19, further comprising the steps
of:

sending an information request specifying
the desired digital information of the user from the
information terminal device to the information
center;

sending a work key receipt signature from the
computer card to the information center in response
to a delivery of the work key;

sending an encrypted information receipt signature
from the information terminal device to the
information center in response to a delivery of the
encrypted digital information; and

recording the information request, the work
key receipt signature, and the encrypted information
receipt signature as a ground for charging at the
information center.

21. The method of claim 19, further comprising the steps
of:

sending an information request specifying
the desired digital information of the user from the
information terminal device to the information
center;

sending an encrypted information receipt signature
from the information terminal device to the
information center in response to a delivery of the
encrypted digital information;

returning a delivery certificate from the computer
card to the information center in a course of a
delivery of the work key; and

recording the information request, the
encrypted information receipt signature, and the
delivery certificate as a ground for charging at the
information center.

22. A digital information protection system, comprising:

an information center for providing a digital
information;

an information terminal device connected
with the information center; and

a computer card owned by a user, such that
the user makes an access to the digital information
provided by the information center by connecting the
computer card to the information terminal device;

wherein the information center, the information
terminal device, and the computer card are
adapted to:

deliver a work key for encrypting a desired
digital information from the information center to the
computer card through the information terminal
device, and register the work key in the computer
card;

deliver the desired digital information
encrypted by the work key from the information
center to the information terminal device; and

decrypt an encrypted digital information
delivered from the information center at the information
terminal device by using the work key registered
in the computer card, and provide a decrypted digital
information to the user at the information terminal
device.

23. The system of claim 22, wherein the information
center, the information terminal device, and the computer
card are further adapted to:

send an information request specifying the
desired digital information of the user from the information
terminal device to the information center;

send a work key receipt signature from the
computer card to the information center in response
to a delivery of the work key;

send an encrypted information receipt signature
from the information terminal device to the information
center in response to a delivery of the
encrypted digital information; and

record the information request, the work key
receipt signature, and the encrypted information
receipt signature as a ground for charging at the
information center.

24. The system of claim 22, wherein the information 
center, the information terminal device, and the com- 
puter card are further adapted to: 

send an information request specifying the 
desired digital information of the user from the infor- 
mation terminal device to the information center; 

send an encrypted information receipt signa- 
ture from the information terminal device to the infor- 
mation center in response to a delivery of the 
encrypted digital information; 

return a delivery certificate from the compu- 
ter card to the information center in a course of a 
delivery of the work key; and 

record the information request, the encrypted 
information receipt signature, and the delivery cer- 
tificate as a ground for charging at the information 
center. 

25. An information center for a digital information protection
system in which a user makes an access to
a digital information provided by the information
center by connecting a computer card owned by the
user to an information terminal device connected
with the information center, wherein the information
center, the information terminal device, and the computer
card are adapted to:

deliver a work key for encrypting a desired
digital information from the information center to the
computer card through the information terminal
device, and register the work key in the computer
card;

deliver the desired digital information
encrypted by the work key from the information
center to the information terminal device; and

decrypt an encrypted digital information
delivered from the information center at the information
terminal device by using the work key registered
in the computer card, and provide a decrypted digital
information to the user at the information terminal
device;

the information center comprising:

information storage means for storing the digital
information;

communication control means for making a
communication with the information terminal device;

key generation means for generating the
work key;

encryption means for encrypting the digital
information by using the work key;

public key cryptosystem means for encrypting
the work key in order to make a cipher communication
of the work key; and

signature conversion means for providing a
signature of the information center.

26. The information center of claim 25, further comprising

information conversion means for delivering
the work key to the computer card while receiving a
delivery certificate from the computer card.

27. An information terminal device for a digital information
protection system in which a user makes an
access to a digital information provided by an information
center by connecting a computer card owned
by the user to the information terminal device connected
with the information center, wherein the information
center, the information terminal device, and
the computer card are adapted to:

deliver a work key for encrypting a desired
digital information from the information center to the
computer card through the information terminal
device, and register the work key in the computer
card;

deliver the desired digital information
encrypted by the work key from the information
center to the information terminal device; and

decrypt an encrypted digital information
delivered from the information center at the information
terminal device by using the work key registered
in the computer card, and provide a decrypted digital
information to the user at the information terminal
device;

the information terminal device comprising:

first communication control means for making
a communication with the information center;

second communication control means for
making a communication with the computer card;

information storage means for storing the digital
information;

public cryptosystem means for encrypting the
work key in order to make a cipher communication
of the work key;

signature conversion means for providing
a signature of the information terminal device;

random number generation means for generating
a random number;

matching means for matching the random
number generated by the random number generation
means with a random number received from the
computer card;

secret key storage means for storing a secret
key of the information terminal device;

decryption means for decrypting an
encrypted work key and an encrypted digital information;
and

secrecy protection means for physically protecting
a secrecy of the random number generation
means, the matching means, the secret key storage
means, and the decryption means.

28. A computer card for a digital information protection
system in which a user makes an access to a digital
information provided by an information center by
connecting the computer card owned by the user to
an information terminal device connected with the
information center, wherein the information center,
the information terminal device, and the computer
card are adapted to:

deliver a work key for encrypting a desired
digital information from the information center to the
computer card through the information terminal
device, and register the work key in the computer
card;

deliver the desired digital information
encrypted by the work key from the information
center to the information terminal device; and

decrypt an encrypted digital information
delivered from the information center at the information
terminal device by using the work key registered
in the computer card, and provide a decrypted digital
information to the user at the information terminal
device;

the computer card comprising:

communication control means for making a
communication with the information terminal device;

public cryptosystem means for encrypting the
work key in order to make a cipher communication
of the work key;

signature conversion means for providing a
signature of the computer card; and

work key storage means for storing the work
key.

29. The computer card of claim 28, further comprising

information conversion means for receiving a
delivery of the work key from the information center
while returning a delivery certificate to the information
center.
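
The random number check of claim 16, steps (g) and (h), written out as an added example that is not part of the patent text: the terminal releases the work key only when the decrypted random number matches the one in its current work key request, so a recorded card response cannot be replayed. The unpadded toy RSA key, the 16-byte field sizes and all function names are assumptions of this sketch; the claims do not name a cryptosystem.

```python
import hmac
import secrets

# Constructed toy key for the terminal: unpadded RSA over two Mersenne primes.
# It stands in for the claim's unspecified public key cryptosystem; not for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # terminal's secret key
KEY_LEN = NONCE_LEN = 16           # assumed field sizes
BLOB_LEN = 1 + KEY_LEN + NONCE_LEN


def terminal_new_request() -> bytes:
    """Terminal: fresh random number carried in the work key request message."""
    return secrets.token_bytes(NONCE_LEN)


def card_respond(work_key: bytes, nonce: bytes) -> int:
    """Card, step (g): concatenate work key and random number, encrypt to the terminal."""
    if len(work_key) != KEY_LEN or len(nonce) != NONCE_LEN:
        raise ValueError("unexpected field length")
    # The leading 0x01 byte fixes the plaintext length so leading zeros survive.
    return pow(int.from_bytes(b"\x01" + work_key + nonce, "big"), E, N)


def terminal_accept(ciphertext: int, expected_nonce: bytes):
    """Terminal, step (h): decrypt, compare random numbers, return the work key or None."""
    if not 0 < ciphertext < N:
        return None
    m = pow(ciphertext, D, N)
    if m.bit_length() > 8 * BLOB_LEN:
        return None                      # malformed or tampered ciphertext
    blob = m.to_bytes(BLOB_LEN, "big")
    work_key, nonce = blob[1:1 + KEY_LEN], blob[1 + KEY_LEN:]
    if blob[0] != 1 or not hmac.compare_digest(nonce, expected_nonce):
        return None                      # stale or replayed response
    return work_key


if __name__ == "__main__":
    wk = secrets.token_bytes(KEY_LEN)
    n1 = terminal_new_request()
    recorded = card_respond(wk, n1)
    print("fresh response accepted:", terminal_accept(recorded, n1) == wk)
    print("replay against new request:", terminal_accept(recorded, terminal_new_request()))
```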